Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

Your company stores sensitive PII in an Amazon Redshift RA3 cluster. Security mandates that all data at rest must be encrypted using keys that the security team can audit and rotate within AWS, without operating any hardware security modules. What is the MOST operationally efficient way to meet this requirement?

  • Configure the cluster to use server-side encryption with customer-provided keys (SSE-C) for its managed storage.

  • Encrypt data client-side before loading, then disable Amazon Redshift encryption to avoid double encryption.

  • Enable cluster encryption with an AWS KMS customer managed key when creating or modifying the cluster.

  • Create an AWS CloudHSM cluster and store the Redshift cluster key there.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot